<?php
/**
 * @Title:Modle Class Member
 * @Times:2010.04.15
 * @Author:雅典娜之子
 */
	
!defined('ACCESSING') && die('Hacking attempt');

class Member extends Base
{
	var $db;
	var $uid;
	var $username;
	var $userpass;
	var $usergroup;
	var $baseArray;

	/**
	 * 構造方法
	 */
	public function __construct() 
	{
		global $db,$BASE;
		$this->db = $db;
		$this->baseArray = $BASE;
		$this->uid = GetSession('UserId');

		if(empty($this->uid))//如果SESSION的用戶ID不存在
        {
            $this->ResetUser();
        }
        else
        {
            $this->uid = intval($this->uid);
            //检索用户信息并存入变量
            $this->InfoArray = $this->db->getone("SELECT * FROM `".$this->baseArray['prefix']."user` WHERE `uid` = ".$this->uid."");
            if(is_array($this->InfoArray))
            {
                $this->uid = $this->InfoArray['uid'];
                $this->username = $this->InfoArray['username'];
            }
            else
            {
                $this->ResetUser();
            }
        }
	}

	public function Member()
	{
		$this->__construct();
	}

	public function UserLogin()
	{
		$this->loginInfo = $this->getPost();
        if($this->loginInfo['act'] != 'userlogin' || empty($this->loginInfo['usergroup']) || !in_array($this->loginInfo['usergroup'],$this->baseArray['usergroup']))
        {
            ShowMsg('Access error！','',1);
            exit();
        }
        elseif($this->isLogin())
        {
            ShowMsg('您已經登入了系統，無需重複登入！', 'index.php',2);
            exit();
        }
        else
        {
            if(empty($this->loginInfo['username']) || $this->loginInfo['username'] == '')
            {
                ShowMsg('請填寫用戶名！','/admin/?view=ad_login',2);
                exit();
            }
            if(empty($this->loginInfo['userpass']) || $this->loginInfo['userpass'] == '')
            {
                ShowMsg('請填寫密碼！','/admin/?view=ad_login',2);
                exit();
            }
            $sqlconn = "SELECT `uid`,`username`,`userpass` FROM `".$this->baseArray['prefix']."user` WHERE `username` = '".$this->loginInfo['username']."' AND `userpass` = '".$this->GetEncodePwd($this->loginInfo['userpass'])."' AND usergroup = '".$this->loginInfo['usergroup']."'";
            $row = $this->db->getone($sqlconn);
            if(!is_array($row))
            {
                ShowMsg('帐号或密码错误，请重新输入！','',1);
                exit();
            }
            else
            {
                //登录成功，并写入SESSION
                $this->PutSession('UserId', $row['uid']);
                $this->PutSession('UserName', $row['username']);
                parent::JumpUrl('/admin/');
            }
        }
	}
	
	public function ResetPass()
    {
		$passInfo = $this->getPost();
		if($passInfo['newpass'] !== $passInfo['chkpass'])
		{
			ShowMsg('兩次密碼不相同，請確認！', '', 1);
			exit();
		}
		elseif(strlen($passInfo['newpass']) < 4 || strlen($passInfo['newpass']) > 15)
		{
			ShowMsg('新密碼不符合規範，請輸入4-15碼的英文或數字！', '', 1);
			exit();
		}
		else
		{
			$sqlconn = "SELECT `uid`,`username`,`userpass` FROM `".$this->baseArray['prefix']."user` WHERE `username` = '".$this->username."' AND `userpass` = '".$this->GetEncodePwd($passInfo['oldpass'])."'";
			$row = $this->db->getone($sqlconn);
			if(is_array($row))
			{
				$passInfo['newpass'] = $this->GetEncodePwd($passInfo['newpass']);
				$rs = $this->db->query("UPDATE `".$this->baseArray['prefix']."user` SET `userpass` = '".$passInfo['newpass']."' WHERE `username` = '".$this->username."'");
				if(true === $rs)
				{
					ShowMsg('密碼修改成功！', '../admin/?view=mainbody', 2);
					exit();
				}
			}
			else
			{
				ShowMsg('舊密碼有誤！', '', 1);
				exit();
			}
		}
    }

	public function GetEncodePwd($pwd,$pwdtype='default')
	{
		if(empty($pwdtype)) $pwdtype = '32';
		switch($pwdtype)
		{
			case 'l16':
				return substr(md5($pwd), 0, 16);
			case 'r16':
				return substr(md5($pwd), 16, 16);
			case 'm16':
				return substr(md5($pwd), 8, 16);
			default:
				return md5($pwd);
		}
	}

    public function dowith_sql($str)
    {
        $str = str_replace("'","",$str);
        $str = str_replace("\"","",$str);
        $str = str_replace(" ","",$str);
        $str = str_replace("=","",$str);
        $str = str_replace("%20","",$str);
        return $str;
    }

	public function ExitSession($JumpUrl)
	{
		$this->ResetUser();
        parent::JumpUrl($JumpUrl,2);
	}

    public function isLogin()
    {
        if($this->uid > 0) return true;
        else return false;
    }


	/**
	 * 保存SESSION
	 */
    public function PutSession($key,$value)
    {
        $_SESSION[$key] = $value;
        $_SESSION[$key.'__ckMd5'] = $this->GetEncodePwd($this->baseArray['encode_key'].$value);
    }


    /**
	 * 初始化用戶信息
	 */
    public function ResetUser()
	{
		$this->uid = 0;
		$this->username = '';
		$this->userpass = 0;
		$this->usergroup = '';
		DropSession('UserId');
        DropSession('UserName');
	}

    public function getUserList($group='all')
    {
        if($group !='all')
        {
            $where = "WHERE usergroup = '$group'";
        }
        else
        {
            $where = '';
        }
        $result = $this->db->query("SELECT uid,username,useremail,usergroup FROM `jm_user` {$where} ORDER BY uid DESC");
        while($row = $this->db->fetch_array($result))
        {
            $userlist[] = $row;
        }
        if(!empty($userlist))
        {
            $htmlstr = "<ul class='userul'>";
            foreach($userlist as $key=>$value)
            {
                $htmlstr .= "<li><input type='checkbox' name='userlist[]' value='".$value['useremail']."' />".$value['username']."</li>\n";
            }

            
            $htmlstr .= "</ul>";
            return $htmlstr;
        }
    }
}
?>